Understanding RESTful API Lifecycle (Development, Testing, Deployment & Integration) using ASP.NET MVC
Video Transcription
Everyone. So I'm starting my session. Uh So, first of all, uh hello, everyone and Aslam Likam, I'm Asma Khalid. I'm from Pakistan.And uh first of all, I would like to take this opportunity and thank you and thanks to the organization of this huge event uh for bringing all of us together and you know, uh bringing a lot of informative sessions uh for us and other uh opportunities and, you know, you know, be able to connect us uh globally and uh uh let's uh uh you know, start.
So today, what I going to discuss, I'm will be discussing about a full life cycle of a restful web api from development to testing, to deploying and to uh integrating uh using uh Microsoft technology G stack, which is a sp.net M BC. So before that, let me introduce myself uh to you. So my name is uh uh Asma Khalid. Uh I have about eight plus year of industrial experience in leading managing and developing it projects and products. Uh I'm a master uh I have master degree in computer science from reputed uh institution in my country. And I also have bachelor degree in computer science again from reputed institution from my country. Uh Then as for my international accredit, I am first female from my country, Pakistan uh to receive Microsoft most valuable professional award four times and also first female from Pakistan to receive C# wonder online developer community, most uh valuable professional award five times uh in a row.
And uh my uh also uh you can check out my profile on C# corner. My articles have about 6.7 million reads and I rank uh at uh at uh 223 among three plus million other uh members uh in the community. So let's start with the, what is the web API all about and uh what is its life cycle? So before I jump into the development and other aspect of the web A P A, we need to establish an understanding that what web A PS is, is actually about. So web API is basically a means of exchanging data between client and server machines. So you have a, a web A P and you have a data and you want to share it uh between your client and server machine. Now, when I talk about client or server machine, server, uh can be uh of any uh technology stack of your choice. It could be either PSP uh stack or it could be Microsoft technology stack. And uh uh as for client site, client site is basically where you, you know, in integrate your API S and receive data from your, you know, uh from your server and client can be your website, it can be your IOT devices and it can be anything that uh you know, accept uh web API as an integrator for data exchange.
So uh we need to also understand the difference between a normal web and a web A P A which is quite simple. So web is basically uh based entirely on. So here is a basically a few key differences that separates web and web A P A web bas basically requires U I and user interaction. And it is entirely dependent on interaction between a user and uh and uh you know, and the application and also the dependency of your website or web is dependent dependent entirely on uh on a web browser, which can be a Firefox uh Internet explorer, Microsoft edge, uh Internet explorer has been obsolete now.
Uh And then you can have chrome uh as well. While on the other hand, web API does not require any user or you uh uh interfaces to exchange your data. As I already told you, web A P A is basically a means of exchanging a data between uh you know, a user uh and uh and your client and your uh server machines. Fine. So you don't need any specific uh a very rich uh U I or user experience to, you know, get information uh from your web API uh the data can be as plain as a simple string, uh you know stream of string, as simple as you know uh JSN and XML is also another format that is being used to exchange data.
If you have a very complex set of data and establish already a contract between your client machine and your server machine, then you can use more specialized format of data exchange, which is JN and ML most commonly JN is used. Then the another good thing that web API has is that it is in not a client side, you know, platform, any specific platform dependent. Like when I say that, I mean that you do not need any specific technology stack to integrate or access in uh you know, data from your web API, you can uh integrate web API into any uh you know uh platform that support it. You can have uh underlining platform as Zamin as Android as I OS you know any uh other IOT devices like vending machines, SDKS or websites, you can integrate your website into any uh pla uh any platform that support web A P. So it is not uh from client and it's not dependent on any technology uh framework or platform. Then uh again, it's uh as I say, it's independent of any client side uh platform. So uh definitely it's, it, it is very easy to integrate. It's not a very rocket and not very difficult process to integrate a web API into your uh underlying client machine. So there are actually two types of web API S that uh are being used or developed. So first is rest restful web API, which is very commonly used.
And then we have soap, web API. Now I'm not going to go into detail of what soap API is. Uh uh the uh you can, you know, look into what soap is about. So I will heavily discussing about Restful Web API. But the key difference in both of them is that soap is this uh requires some, you know, object contract between your client and uh se uh server machine and it add a bit of security layer as comparative uh to restful web API. So that's why it's considered a bit lightweight in na uh uh nature uh which I mean is restful web API is considered light in nature as compared to. So, because it has some additional layers to it. So let's uh talk about restful web web API then. Uh so starting F uh for uh for restful web API. So first comes the development phase. Now there are certain aspect uh in development phase that we need to consider before we jump right straight into, you know, coding it. So first step is we need to extract uh first requirement or you know, uh figure out whatever requirement has been provided to us, we need to figure out how many number of API we have. Uh we we could have in the uh uh uh in this particular requirement and what would be the input and output and, and point.
So if, for example, if you look into this uh uh screenshot, which is, which is uh an example of certain data information that is being imported from local machine. Now, if I want to let suppose, post this information to my server site after you know, importing it from my local machine, let's say a desktop application. So what I need to figure here identify that how many API and what kind of API S whether I need a post API or I need to get API and what are input and input points are going to be for that particular API that require me to send this uh you know, list of data and certain information to my server site.
Then next uh uh in development phase of restful web API, we need to consider an adjacent object mapper which is uh a common mechanism in um mostly restful web API use for data exchange. You can use alternative methods like XML two, but JSN is the most commonly used. So I'll be discussing that. So when I set object mapper, this is not necessarily applicable to other platform. The concept of object mapper basically comes in.net uh dot net platform. So what happened is in other uh uh you know, languages or platform, you need to write specific parcels to you know, parse your JSN information, whether the JJ N is being sent as a input to your A P A or being received as output uh to the client machine. So you need to write certain specific parcels that pass out and then you can, you know, access that information and then you can, you know, do something about it, whether it's on a client site or it's, it is in a server site. So the, you know, interesting thing and, or, or, or I would say I'm very uh uh ease of development uh aspect that.net uh platform gave us is that it, we can instead of creating specific parcels, what we can do, we can translate our uh our uh JSON file or AJ Jason, you know uh structure that we have finalized uh for client and server machine and convert them into object objects, class object, then those class object when you deserializing them or I would say when you, you know uh the uh you know, kind of decrypt it or encrypt it uh for uh while you're sending it to your server side, it will easily map the uh your JN data information to, to your object instead for you to write a very complex or typical parcel to access the information of your data.
So for example, in this example, let's suppose this is our particular JSON that we have it has certain elements to it. Li like we can see if we have a root element which has two elements inside. Uh it, one is a list. Uh This is basically a list object and then we have uh a simple property, a simple object. It, it, it's a boolean type object. Uh If I, you know, want to translate into uh you know, class object style. So uh if I look into this particular list, I can see that this particular uh list contains certain properties and these properties eventually be a uh will be my uh one of the internal object that is map onto my list. And then my list is uh you know, assigned in another object. For example, these are the properties of one object. So I write a class uh of uh of this particular object. Now, you need to uh take care of one thing here. The name of the properties that you set for this particular object has to be similar as that of mentioned in your Jason. If you, you know, add a slightly different name here and a different name here, you might get end up getting error. So this is my internal object that uh co uh contain this property. And then there is a list that eventually ha uh is basically based on this particular object.
So my my outermost object is basically uh if I translate that into class object, it will be translated into this. I have a, as I said, a one property that is of boolean type. And then I have another property which is Iris data, you can see the names are exactly same as mentioned here. And then it is actually a list because I have this particular uh list bracket. And inside it, I have multiple entries of data. So uh all I need to uh you know, reference my list into the object that I have internal object that I have previously collected. So when I need to, you know, a uh access uh my uh information or I wo would like to share my information with the server. All I need to do is create an extern, an an object which is of type this particular object, this an object. And then I need to first encrypt it or I would say serial it and then I need to send it to my uh server and then my server will receive it and it will de serialize it into the similar object and my data will be easily accessible to me and I can move around in my data and whatever, you know, uh manipulation or things I would like to do with it.
So next important element in in your development phase of restful web A PS is basically uh you know how you would would write the signature of your post and you know, get method like if you have identified a web API that is of post type, then you also need to understand the inputs and output end points that it have, if uh you know your post type or uh or your API has a very uh complex.
Now, there are uh multiple, many uh types of uh API you can have, you can have a post, you can have get, you can have put, you can have delete, but most commonly API S used are post and get, get the only key different difference between post API and get uh web API is that get API uh you know, uh send input data as a form of parameter.
You cannot send a very complex uh input information in your get uh you know, uh API if uh if you do that, then you need to ensure that it is properly encrypted and also uh your data is not very sensitive. Uh So it's uh you know, better option that if you have a very complex variable, like for example, if you have a adjacent input of something like this, then it is recommended that you use post API instead and use the adjacent object in a form body. So form body is basically how you capture that uh form body, having a jet uh token as it's a data type, it will capture that particular Json object. And then inside it, you can uh deer lize it using Newtons soft dot Json library class. And then you can, you know, do the processing over similarly if you are uh you know, get uh you are using, get type API then it is recommended if you have very few, few parameters uh uh as an input that you, then you can, you know, use your, get API to get that information based on the filtration of those variable.
And again, uh these variable are then you can manipulate inside your uh you know, uh server side uh API meth method. So now uh uh next important aspect in uh development phase, like uh up till now, we have seen uh uh you know that we have created adjacent object, you know how we can translate or uh convert our access, our uh data information, we need to, you know, translate our uh information that what kind of a PSN input, output point.
And uh you know, then we have also see that how we can, you know, do the development of the Jason uh uh not uh sorry, Jason uh ho how we can do the development of restful web API. So one thing uh I miss here in the uh previous slide, which is that that uh by default in.net a sp.net platform post and get is, you know, default names that you have to use. If you want to change these name into your own user friendly, uh you know method name, then there is a uh attribute routing method. I haven't shown that detail here, you can explore that on your own, so you can do that. But if you're not doing that, then a default behavior would be that you need to use a post and get as a default. So if there is a variation in get of with or without parameter, a platform will a automatic, I automatically identify it. Uh That, all right, this is uh the get uh API has been called with and this is uh get API has been called without the parameters. So next, next important aspect that comes in development phase is basically the authorization part. Now, in any uh restful web API, whether you choose.net platform or any other other platform, there are two ways you can authorize your restful uh web A PS one is you can use it with a SIM, you can authorize your Restful web API with a simple user name, pa password and API key combination.
And the second method you can authorize which is a bit of bit, a bit complex, uh which is token based, authorized authorization. So how do they differ? So, user name, password uh uh in user name, pass password au authorization mechanism, what you need to do at every API call you need to authenticate uh by you know, providing the user name, password. And if you have API key that these are my uh particular CRE credential, this uh particular, this my, this A P A has been called and uh uh service I first check it that whether you are authorized uh to know uh authorized to, you know, call this A P A or not. And then it will allow you to process the information on it. So each API call will authenticate every time it is being called. While in token base, you don't need to uh authenticate every time you uh at, at initial call, your uh API is being authenticated and a token is provided at uh to you, which uh which is provided to you for a specific period of time. You can, you know, increase its expiration time. And then you can use that token in other A P and you, you can easily access on each call. You won't be authenticating again and again by sending user name, password. So it need to be authenticated.
Uh first, then you in user name and password authorization. It is difficult to, you know, uh track that which user has user FP I, for example, uh if uh uh you can track that, uh you can track the fact that this particular A P A has been called a lot, but you, you cannot track that which user uh credential is uh is actually calling this because uh for authorization part, we have fixed our user name and password while on, in on token based authorization.
Aside, there is no fixture of uh you know, user can credential. Uh Every single user can authenticate, you know, share a token based on their own credentials. So you can easily track which user is using our uh restful web A PS and again, uh the issue with user name, simple, plain uh user name, password authorization is that if uh in any case, in a long run, you decided to change your user name, password, all the devices which are accessing those API S are using those credentials, they need to update.
And o obviously, if you are uh developing uh uh uh mobile application or IOT devices, they also need to, you know, update that information to access the A P A and then have to redeploy your uh entire mechanism. While on the other hand, in token based authorization has al already told it, isn't it? It's not dependent on the credential of a user. It's basically a token which is uh uh being generated based on whatever uh user is uh you know, using uh it. So uh you don't need to update your uh underlining, you know, code client site quote for, you know, a simple change of user name, password in that aspect. So now uh let's uh you know, go into the testing phase that how after the, you know, development of a restful web api how we are going to test it out out. So in order to test your restful web api, you can use rested clients. What I recommend I mostly use is basically this is uh this rested uh client plug in which is available for uh in both Firefox and Google Chrome. So what you can do it, you can add this plug in into your browser. And then you can directly test out your web A P. For example, in this case, if I would like to post uh you know, test my post stressful web A P API, I need to open that uh particular plug in, provide my post uh API information.
Uh It's URL, it's type uh If there is additional header information I would like to provide. If there is authorization, then provide it here. And then finally the input that uh uh uh if my A PS is having any inform uh input information, I can uh send it out uh through here and then I can easily test it out debug at my server side that whether my A PS are doing the work as uh you know, they are intended for and you know, removing any bug uh in between.
And similarly, you can test out, get A P A but uh uh to, to test uh get a P A there there, actually, you can test uh three you know ways uh you can test your rest uh uh get restful web A P using same rested line. The thing is you in, get in, get restful web API, you can either have no parameters like in uh in, in here, just simply call your uh API and uh and then if you have, if you have qy parameter, then there are two ways you can send your theory parameters to your URL. You can either use this particular way by key value pair uh method to, you know, prepare your Q query parameter and then attach them using a question mark. And in between your parameter for separation, there is end operator or there, there's a modern way of doing this that instead of using key value parameter, all you need to do is you need to, you know, do this uh uh you know, use slashes and then pass your values directly and they will map on your uh rest uh restful web API S at server site if you're using esp.net.
But the, but, but I do not recommend this mechanism bec because in esp.net, every time you, you know, you have in every API if you have multiple parameters, you need to configure those para meter into uh a uh A P A configuration file. There is uh available with the uh your dot uh dot net MVC uh uh platform. So you have to configure those parameters. So it's not recommended because uh if you have a simple ID, then you can use it. But if you have got multiple uh parameters to pass in your, get A P A, then I won't recommend it. Most commonly. We use this mechanism to pass a QV uh A parameter into our get tight, restful rapid. Yeah. So you can test uh all of these in your rested client then uh on uh uh let's move into deployment phase in deployment phase, deploy deployment phase uh uh for restful web A P, especially in sp.net net is very similar uh uh uh uh or, or should I say exactly as you, you know, deploy any uh other uh A sp.net MVC application on your is servers uh in internet information server, which is uh a basically a deployment server for your uh dot net appli web applications.
So you can just simply uh uh follow through those steps to deploy your web uh API project in order to, you know, access it uh uh into other devices. As for integration, you can use many different platforms, but I'm using here.net uh project. So for.net projects, you need to have these two libraries, these particular tool libraries need to install into your.net project. If you want to access uh any Restful web API even. Uh uh and, and that restful web API is not necessarily be developed on your.net. You can use access because uh as I already told you that restful web API S at client site are not dependent on any platform. All you need to do is your underlining platform mechanism and then you can simply access it. So uh obviously, uh uh I'm going to Microsoft technology stack. So that's why I'm uh you know uh using uh this particular integration method. But you can use uh any uh API uh which is development on uh on any platform. And you can simply integrate using these uh uh basically client libraries. So these two libraries need to be integrated first into your.net project then, but you need to uh for post uh restful web API, you, you first initialize your HTTP client, then you provide your base URL of your uh uh web API, then you provide uh uh you know, add to that client, your uh any additional headers or authorization part and then uh you, you know, prepare your request object or your input object that you're going to send into your restful web API.
And once that is uh prepared, you can use post adjacent uh asynchronous method to post your uh uh input to your API. Now notice here that I'm not serializing my my request object. I have just simply passed that object as a parameter. And uh uh you know, uh uh uh pass that to my post uh restful web A P. The thing is the library that we have used is they provide a feature of post as Jason. So they uh automatically convert that particular object uh A automatically serialize that object into JSON format and send it to your server. You do not have to explicitly translate this this object into uh you know uh into serialization and then attach it here, simply pass it as a parameter. Then in next step, you just uh what you do is you check uh if uh uh you know your uh uh uh re response is successful. And then you, you can, you can you see deserializing your result and then you can do the processing on it. So obviously, de serialization object need to be contracted before you you know, do the development. Similarly, you can use same mechanism to uh to you, you know uh integrate, get restful web api, initialize your HTP client, provide headers and base URL.
This is basically the key difference here because since we are uh you know, sending and get uh get type restful web API, we are using parameter as input. So we need to first convert, prepare our parameter as a key value uh parameter. So uh uh this is the mechanism how we basically convert or translate our parameter into key value pair. And then this particular method would translate into as a string which will convert into like this. And then uh in your uh final step, you can simply use get acing method. And you see we have now we have not passed uh this particular parameter as uh as a simple parameter in this me method. Instead, we are uh you know, uh conca it concatenating uh it as a string. Uh And then uh uh as you can see this uh will be this, this is how this particular uh URL will be prepared. And our uh information will be sent to our, get A API. So as I say, uh already said question mark and after question mark, you add your key value pair based on the uh on your end, uh uh your basically parameters being separated. So this particular method with will does that for you, all you have to do is uh put all of those uh key value pair into a key value pair list and you know, give it to this method and it, it will do the rest for you.
Sorry, then finally you wait for your uh response and if it's successful, then you de serialize it and you, you know, you, you use your result. Uh OK. So that's about from my end. Uh So if uh any of you would like to ask any question, I'll be answering them also, if you would like to connect with me or reach out to me, then you uh you can uh use my email address, you can go to my website and uh do also subscribe to my youtube channel. I post many uh you know, informative uh stuff there and all I also post many tutorials uh uh into uh uh of uh dot net technology on my website as well. So do check it out and uh this is uh it for me. So if anyone would like to ask any question, I'll be honest. OK. Um Yes, uh you can use postman as well to test your api just uh an example I use rested. So I, you know, share that with you. You can use postman as well if you uh you know, uh have already done with that. So anyone else? OK, to, I think we are done. So I uh so once again, thank you everyone for joining uh this session with me. And also thank you uh the entire organization team for, you know, organizing this uh amazing global con conference for all of us. And uh thank you, everyone, take care and Allah hafiz and bye.